From 0be926715d3aef3b2bfa0e27a9095cdd06d309e1 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 9 Oct 2018 10:32:08 -0400
Subject: [PATCH] PKCS8 Fix Attempt #1

---
 salt/filebeat/etc/filebeat.yml | 2 +-
 salt/filebeat/init.sls | 2 +-
 salt/firewall/init.sls | 27 +++++++++++++++++++
 .../files/dynamic/0006_input_beats.conf | 4 +-
 salt/logstash/init.sls | 2 +-
 salt/ssl/init.sls | 19 +++++++++++--
 6 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index cabb0b719..2e5bfa986 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -844,7 +844,7 @@ output.logstash:
 ssl.certificate: "/usr/share/filebeat/filebeat.crt"
 
 # Client Certificate Key
- ssl.key: "/usr/share/filebeat/filebeat.key"
+ ssl.key: "/usr/share/filebeat/filebeat.p8"
 
 # Optional passphrase for decrypting the Certificate Key.
 #ssl.key_passphrase: ''
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 5749c73bb..72ece0876 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -60,5 +60,5 @@ so-filebeat:
 - /nsm/bro/spool/manager:/nsm/bro/spool:ro
 - /opt/so/log/suricata:/suricata:ro
 - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
- - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
+ - /opt/so/conf/filebeat/etc/pki/filebeat.p8:/usr/share/filebeat/filebeat.p8:ro
 - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index c3fdac0e3..f2d916a0a 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -212,6 +212,33 @@ enable_standard_beats_5044_{{ip}}:
 
 {% endfor %}
 
+# Allow Analysts
+{% for ip in pillar.get('analyst') %}
+
+enable_standard_analyst_80_{{ip}}:
+ iptables.insert:
+ - table: filter
+ - chain: DOCKER-USER
+ - jump: ACCEPT
+ - proto: tcp
+ - source: {{ ip }}
+ - dport: 80
+ - position: 1
+ - save: True
+
+enable_standard_analyst_443_{{ip}}:
+ iptables.insert:
+ - table: filter
+ - chain: DOCKER-USER
+ - jump: ACCEPT
+ - proto: tcp
+ - source: {{ ip }}
+ - dport: 443
+ - position: 1
+ - save: True
+
+{% endfor %}
+
 
 
 # Rules for storage nodes connecting to master
diff --git a/salt/logstash/files/dynamic/0006_input_beats.conf b/salt/logstash/files/dynamic/0006_input_beats.conf
index 3f8a62973..0a17efcdf 100644
--- a/salt/logstash/files/dynamic/0006_input_beats.conf
+++ b/salt/logstash/files/dynamic/0006_input_beats.conf
@@ -9,7 +9,7 @@ input {
 ssl => true
 ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
 ssl_certificate => "/usr/share/logstash/filebeat.crt"
- ssl_key => "/usr/share/logstash/filebeat.key"
+ ssl_key => "/usr/share/logstash/filebeat.p8"
 tags => [ "beat" ]
 }
-}
\ No newline at end of file
+}
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index 2b2a04451..131a4e962 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -131,5 +131,5 @@ so-logstash:
 - /opt/so/log/logstash:/var/log/logstash:rw
 - /sys/fs/cgroup:/sys/fs/cgroup:ro
 - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro
- - /etc/pki/filebeat.key:/usr/share/logstash/filebeat.key:ro
+ - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.p8:ro
 - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 995bf6c1e..c3029c10c 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
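Review bot: In the salt/firewall/init.sls hunk, `{% for ip in pillar.get('analyst') %}` has no default, so on any minion whose pillar lacks an `analyst` key Jinja tries to iterate over None and the whole firewall state fails to render, taking the existing beats and storage rules down with it; use `{% for ip in pillar.get('analyst', []) %}` so the loop is simply empty. The two new states are otherwise consistent with the surrounding ACCEPT-at-position-1 pattern in DOCKER-USER. Note for the record that the port 80 rule admits plaintext from analyst sources; if the web front-end only redirects to 443 that is harmless, but it is worth confirming rather than assuming, since that front-end is outside this hunk.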
@@ -31,6 +31,13 @@ m2cryptopkgs:
 bits: 4096
 backup: True
 
+# Convert the key to pkcs#8 so logstash will work correctly.
+filebeatpkcs:
+ cmd.run:
+ - name: /usr/bin/openssl pkcs8 -in /etc/pki/filebeat.key -topk8 -out /etc/pki/filebeat.p8
+ - onchanges:
+ - file: /etc/pki/filebeat.key
+
 # Create Symlinks to the keys so I can distribute it to all the things
 filebeatdir:
 file.directory:
@@ -39,8 +46,8 @@ filebeatdir:
 
 fbkeylink:
 file.symlink:
- - name: /opt/so/saltstack/salt/filebeat/files/filebeat.key
- - target: /etc/pki/filebeat.key
+ - name: /opt/so/saltstack/salt/filebeat/files/filebeat.p8
+ - target: /etc/pki/filebeat.p8
 
 fbcrtlink:
 file.symlink:
@@ -83,4 +90,12 @@ fbcertdir:
 bits: 4096
 backup: True
 
+# Convert the key to pkcs#8 so logstash will work correctly.
+filebeatpkcs:
+ cmd.run:
+ - name: /usr/bin/openssl pkcs8 -in /opt/so/conf/filebeat/etc/pki/filebeat.key -topk8 -out /opt/so/conf/filebeat/etc/pki/filebeat.p8
+ - onchanges:
+ - file: /opt/so/conf/filebeat/etc/pki/filebeat.p8
+
+
 {% endif %}
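Review bot: The state added in the last hunk of salt/ssl/init.sls reuses the ID `filebeatpkcs` that the first hunk already declares in the same file, which Salt reports as conflicting IDs at render time, so neither conversion runs; give the second one a distinct ID. Both `openssl pkcs8 -topk8` commands also omit `-nocrypt`, so openssl encrypts the PKCS#8 output and prompts for a passphrase that cmd.run has no terminal to supply, and the filebeat.yml hunk leaves `ssl.key_passphrase` commented out, so the consumers expect an unencrypted key anyway. The second block's `onchanges` points at the `.p8` output rather than the `.key` input, so it never fires after the key is (re)generated; the state that produces the key sits outside the hunk, so confirm whether it is addressable as `file:` (as the first block assumes) or needs a different module reference. Finally, the converted private key is written with the minion's default umask, which is likely looser than the original key's mode; `umask: '077'` on the cmd.run, or a follow-up file.managed with mode 600, keeps it root-only. The enclosing `{% if %}` that the trailing `{% endif %}` closes opens outside this hunk.

```yaml
# … unchanged: first filebeatpkcs block — add -nocrypt (and umask) to its openssl command the same way …

# Convert the key to unencrypted pkcs#8 so logstash will work correctly.
filebeatconfpkcs:
  cmd.run:
    - name: /usr/bin/openssl pkcs8 -in /opt/so/conf/filebeat/etc/pki/filebeat.key -topk8 -nocrypt -out /opt/so/conf/filebeat/etc/pki/filebeat.p8
    - umask: '077'
    - onchanges:
      - file: /opt/so/conf/filebeat/etc/pki/filebeat.key
```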